Displaying 20 results from an estimated 10351 matches for "realm".
Did you mean:
real
2019 Jul 05
6
smb.conf realm parameter
Hello,
??? Is the realm parameter case sensitive? For example does 'realm =
example.domain.com' differ from 'realm = EXAMPLE.DOMAIN.COM' in
smb.conf? Thanks.
??? - James
2017 Feb 01
3
samba creating keytabs... ( possible bug, can someone confirm this )
Hai,
I noticed something strange in the keytab file on my member server.
This is a followup of : [Samba] winbind question. (challenge/response password authentication)
Samba 4.5.3 on Debian Jessie.
Leave the domain.
net ads leave -k
Deleted account for 'PROXY2' in realm 'REALM'
I checked in windows, and the computer is gone in the “Computer” ou.
Removed the keytab file.
rm krb5.keytab
net ads join –k
Using short domain name -- NTDOM
Joined 'PROXY2' to dns domain 'internal.domain.tld'
check the new keytab ( created at...
2017 Feb 01
1
winbind question. (challenge/response password authentication)
...ssh logins with AD users. Userdirs nfsv4.
- NFSv3 and NFSv4 (krb5) (with systemd with automount for user home dirs )
- Squid with basic auth. ( over ldap ssl)
- Put needed SPN in the keytab file.
o bug found : samba-tool spn add HTTP/hostname.domain.tld at REALM proxy2$ )
§ keytab result is http/ not HTTP/ squid needs HTTP !
Not working :
- Winbind user tests.
- Kerberos Auth for squid. Need to fix keytab first.
The setup/config
The running smb.conf
[global]
workgroup = NTDOM
security = ads
...
2019 Jan 10
1
Realm trust between Samba AD and MIT kerberos realm
Hi all,
I was hoping to setup a realm trust between a Samba AD domain and a
kerberos realm running mit-krb5, however it looks like that isn't
currently supported. Is that correct, or am I missing something (I'm
running Samba 4.9.4)?
Having noticed that "samba-tool domain trust" only seems to cater for
trusts invo...
2009 Nov 05
1
Samba + Windows 2008 + Solaris + Native nss_ldap/gssapi - Possible?
...with DONT_REQ_PREAUTH (seems to
be needed for Solaris kinit -k), and the resulting keytab is unusable by
Solaris kinit:
before net ads join:
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
18 host/fqdn at REALM (AES-256 CTS mode with 96-bit SHA-1 HMAC) HMAC/md5)
18 host/fqdn at REALM (ArcFour with HMAC/md5)
18 host/fqdn at REALM (DES cbc mode with RSA-MD5)
18 host/fqdn at REALM (DES cbc mode with CRC-32)
kinit -k
Default principal: host/fqdn at REALM
Valid starting Expires...
2004 May 05
2
chan_sip and Digest realm
I am going to change my Digest realm to match my DNS SVR record.
I dug through the code in chan_sip.c and on line 2748 I found it hard
coded <frown> :
snprintf(tmp, sizeof(tmp), "Digest realm=\"asterisk\", nonce=\"%s\"",
r\anddata);
I'm going to change this to :
snprintf(tmp, sizeof(tmp), &...
2019 Jul 05
3
smb.conf realm parameter
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland penny via samba
> Verzonden: vrijdag 5 juli 2019 15:44
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] smb.conf realm parameter
>
> On 05/07/2019 14:31, L.P.H. van Belle via samba wrote:
> > Rowland,
> >
> > Do you know is samba is changing the smb value here to
> uppercase in the background.
> > ( see:
> https://web.mit.edu/kerberos/krb5-1.12/doc/admin/realm_config.html )
&g...
2019 Jan 11
5
samba-tool auth in scripts
Am 10.01.19 um 14:09 schrieb Rowland Penny via samba:
> You don't ;-)
> You do what the script should have done (I feel version 0.8.10 will
> soon make an appearance), export the cache to use <export
> KRB5CCNAME="/tmp/dhcp-dyndns.cc"> and then use '$KRB5CCNAME' wherever
> '/tmp/dhcp-dyndns.cc' appears, except for:
> [...]
Yes, that worked.
2016 Mar 02
2
samba server with two kerberos realms
...the system is set up, username existance and UID is determined by
/etc/passwd . Then sssd checks whether username/password are correct or not
with the kerberos servers and retrieves nothing else (from them).
This works fine as I can log in with ssh using username/password from either
kerberos realms.
> > If sssd is not going to work for the overall goal of being able to use
> > credentials from either Kerberos realm to authenticate, then I'm happy to
> > ditch it!
>
> I am not saying that sssd won't work for what you are trying to do, you
> are just asking...
2019 Jan 14
4
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
(@Rowland)
> Whilst it is quite correct to say that the REALM isn't the same as a
> DNS domain, there is a correlation between them. The REALM must be the
> DNS domain in uppercase, so this:
>
> SAMBA_PRINCIPAL=dehydrated-service at YOUR.DOMAIN
No, you can have your.primayDNSdomain.tld and have REALM = SOMEREALM.TLD
Its not obligated to hav...
2016 Oct 04
4
winbindd losing track of RFC2307 UIDs
On Mon, 3 Oct 2016, Rowland Penny wrote:
> On Mon, 3 Oct 2016, Rob wrote:
>> # idmap config for domain
>> idmap config MY.AD.REALM.COM:backend = ad
>> idmap config MY.AD.REALM.COM:schema_mode = rfc2307
>> idmap config MY.AD.REALM.COM:range = 10000-99999
[...]
>
> You might think it works fine, but it will probably work better if you
> change 'idmap config MY.AD REALM.COM' to '...
2009 Sep 02
1
Samba 3.4 is unable to list users with getent and id (idmap_ad backend)
Dear All,
I'm using Samba Version 3.2.6 under Solaris 8 with the following config:
netbios name = pegasus
realm = REALM.NET
workgroup = REALM
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap backend = ad
idmap config REALM:schema_mode = sfu
winbind...
2004 Jan 14
2
Difference Between Domain and ADS security In Reference to Realms
...ll
don't understand what the difference is between "security=DOMAIN" versus
"security=ADS." I complied Samba to include ADS support, and I initially chose
"security=DOMAIN." When I use the "net" command I can add it to my domain.
However, if I set "realm=our.ads.realm" and do the same "net" command, then I
get a message saying that server was added to the realm. What is the difference
between adding the Samba server to the realm using "security=DOMAIN" versus
adding it to the realm using "security=ADS?"
Thanks!!
2016 Mar 01
2
samba server with two kerberos realms
Hi Rowland,
> Are you using sssd or nslcd ?
I am using sssd. I can ssh into the server using credentials from either
kerberos realm.
E.g.
ssh cwseys at PHYSICS.WISC.EDU@smb01.physics.wisc.edu
(works)
ssh seys at AD.WISC.EDU@smb01.physics.wisc.edu
(works)
PHYSICS.WISC.EDU is an MIT kerberos KDC.
AD.WISC.EDU is a active directory KDC (etc).
The reason I thought sssd would be best is because I want to use the
/etc/passwd file f...
2019 Mar 01
8
(no subject)
...re this server to enable login via domain
credentials. I'm aware that the Samba wiki recommends the following:
- https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
- https://wiki.samba.org/index.php/Authenticating_Domain_Users_Using_PAM
However, I'm familiar with using Realmd (using its default SSSD) to
join Linux servers to a MS AD domain, to enable SSH and sudo using
domain credentials. So I'm trying to use Realmd on my Samba DC, using
windbind instead of sssd (because Samba already uses winbind).
I first installed libpam-winbind, and then attempted the followi...
2015 Mar 05
2
creating Kerberos host principals for multiple hostnames, multihomed server
....
But: only via one hostname.
Those machines need a working Kerberos login via multiple hostnames
(each hostname has its own IP address and DNS is set up correctly.)
"net ads keytab list" of course gives me the main hostname that was in
use when joining the domain (host/my-server at MY.REALM.COM).
With "net ads keytab add" I can only add service principals without
specifying the FQDN of the desired principal.
Is there a way for me to add a "host/my-server2 at MY.REALM.COM" principal
to the machines' keytab?
I'm very much out of ideas and have searched all...
2019 Jan 14
1
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
...ts
> and samba dns (was: samba-tool auth in scripts)
>
> On Mon, 14 Jan 2019 13:03:42 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> > Hai Rowland,
> > >
> > > We are talking a Samba AD DC here and this means the realm must be
> > > the same as the forest dns domain. As Samba AD doesn't
> (yet) support
> > > subdomains, the domain will be the same as the forest domain.
> > > There is a line here:
> > >
> > > https://wiki.samba.org/index.php/Setting_up_Samba_as...
2003 Sep 02
2
Realm = or workgroup = ?
I think samba is cool.
I'm trying to understand the relationship between these 3 options:
Realm = MYGROUP.COM
Security = ADS
Workgroup = MYGROUP
And my samba file server is a member of AD
My server is W3K
Nothing seemed to work until I specified the realm
Do I also NEED the workgroup parameter ?
Shouldn't the workgroup and realm parameters exclusive from each other ?
-aaron
2013 Sep 03
1
Asterisk 12 Outbound Authentication Failures on Realm
...pjsip module...
When I create an registration object that links to an auth object, the
registration fails with "res_pjsip_outbound_authenticator_digest.c:90
digest_create_request_with_auth: Failed to create new request with
authentication credentials" unless the auth object has it's realm set
exactly to the realm returned in the 401 response from the remote server.
Shouldn't the auth object automatically be using the realm from the
incoming 401? Otherwise I have to create an auth object for each remote
server even if the only thing different is the realm (the scenario is a
pro...
2012 Oct 10
2
remove IP from DNS ldb
Hello
install samba4beta8 white bind 9.9.1 and internal samba DNS DB on server
white tow IP, then remove one of IPs.
Users can not connect to the server or to communicate with a server takes .
Because, Removed IP in response to client requests are sent !
How to remove not use IP from samba dns DB by Samba Tools ?